CLAIMS 



Having thus described our invention, what we claim as new and 
desire to secure by Letters Patent is as follows: 

1. A method comprising: 

differentiating at least one service class in a kernel to perform 
service differentiation based on content in at least one data 
packet, including the steps of: 

capturing said at least one data packet until a complete 
application header is detected; 

parsing said complete application header to determine at least 
one application tag; 

matching said at least one application tag to at least one 
matching rule; 

determining a presence of at least one match with said at least 
one matching rule; and 

performing service differentiation action based on said at least 
one matching rule. 

2. A method as in claim 1, wherein said at least one application 
tag includes at least one tag taken from a group of tags 
including: URI, cookie, request method, HTTP version, a tag in an 
application protocol, and a tag in a communication protocol. 
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1 3. A method as in claim 2, wherein the URI is the second string 

2 in a HTTP header and the cookie starts with a cookie delimiter as 

3 defined in an application protocol. 

4 4. A method as in claim 1, further comprising employing a table 

5 having said at least one matching rule. 

6 5. A method as in claim 1, wherein the step of determining 

7 includes finding a best match. 

8 6. A method as in claim 1, wherein said step of performing 

9 service differentiation action includes at least one action taken 
10 from a group of actions including: dropping, rate controlling, 

jL-JL 

pQ. scheduling connections, monitoring, request prioritization, and a 

CQ2 policing action. 

in 

KB 7. A method as in claim 6, wherein said action of dropping 

34 includes discarding a connection. 

ft 8. A method as in claim 6, wherein said action includes at least 

W6 one act taken from a group of acts including: sending a reset 

3t!7 message, sending an application return code, determining 

compliance with a given rate and/or burst, prioritization, 

19 weighted round robin, round robin, ordering, recording 

20 statistics, performing a cleanup, and protocol control. 

21 9. A method as in claim 1, further comprising installing at 

22 least one matching rule. 

23 10. A method as in claim 1, further comprising detecting 

24 establishment of a new connection. 
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1 11. A method as in claim 10, wherein said step of detecting 

2 includes establishing of a new TCP connection, 

3 12. A method as in claim 11, wherein said step of establishing 

4 of a new TCP connection includes: receiving SYN packet; sending 

5 SYN-ACK packet; deferring accept; receiving ACK for SYN-ACK 

6 packet; and deferring notification of data packet. 

7 13. A method as in claim 1, wherein said step of capturing 

8 includes detecting application header delimiters for said at 

9 least one data packet. 

10 14. An apparatus comprising a service differentiation module 

H including: 

O 

f% a parser to parse a client Web request; 

5 

O a classifier to classify the request based on application headers 

III 

14 and assigning a request class within a kernel; 

Q 

hr£s 

?' 

15 a selector to determine an action rule based on the request 
'$£> class; and 

5 H 

17 a performer to apply the action rule based on the request class. 

18 15. An apparatus comprising a policy agent, said policy agent 

19 including: 

20 a communicator to communicate from a user space to a kernel with 

21 an application interface; 
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1 an initializer to instantiate service differentiation rules for 

2 an application tag within the kernel which include classification 

3 and action rules; and 

4 a manager to delete and update rules on a user request. 

5 16. A method comprising: 

6 forming a rule, including the steps of: 

7 communicating from a user space to a kernel with an application 

8 interface; 

instantiating service differentiation rules for an application 

■ass? 

f£D tag within the kernel which include classification and action 

jfjl rules; and 

E> deleting and adding rules based upon a user request. 

£31 

jtj 17. A method as in claim 16, further comprising updating rules 

fcH based upon a user request. 

W 18. An article of manufacture comprising a computer usable 

16 medium having computer readable program code means embodied 

17 therein for causing service differentiation, the computer 

18 readable program code means in said article of manufacture 

19 comprising computer readable program code means for causing a 

20 computer to effect the steps of claim 1. 

21 19. A program storage device readable by machine, tangibly 

22 embodying a program of instructions executable by the machine to 
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perform method steps for service differentiation, said method 
steps comprising the steps of claim 1. 

20. A computer program product comprising a computer usable 
medium having computer readable program code means embodied 
therein for causing service differentiation, the computer 
readable program code means in said computer program product 
comprising computer readable program code means for causing a 
computer to effect the functions of claim 14. 

21. A computer program product comprising a computer usable 
medium having computer readable program code means embodied 
therein for causing rule installation, the computer readable 
program code means in said computer program product comprising 
computer readable program code means for causing a computer to 
effect the functions of claim 15. 
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